1 Answer

RHEL doesn't yet have systemd, so the approach for Fedora 19 and RHEL will be dramatically different.

At any rate, what you are trying to do is not sanely possible. You'd have to create a separate login role for each user and grant it the ability to execute systemd without transitioning into the systemd domain -- at which point you'd have to pretty much clone the entire systemd policy into each user's domain and then write another policy for executing each service. Per user. Unless you already have a really awesome understanding of SELinux and are already really excellent at writing SELinux policies (and really love M4), I strongly suggest not going down this route.

Just add sudo rules per user to allow executing things like "/sbin/service foo restart" or "/bin/systemctl restart foo.service". If you want to add SELinux into the fray, make these users staff_u and the rest user_u.
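
The sudo approach described in the answer above, as an added example that is not part of the original answer: it generates a per-user rule limited to the two exact restart commands, checks it with `visudo -cf` before installing it, and maps the user to staff_u. The user `alice`, the service `foo`, the drop-in file name and the assumption that `/etc/sudoers.d` is included from the main sudoers file are all placeholders or assumptions.

```sh
#!/bin/sh
# Added example: per-user sudo rule for restarting one service, plus the
# staff_u login mapping. User and service names are placeholders.

# Accept only conservative names so nothing can smuggle sudoers syntax
# (commas, colons, wildcards, whitespace) into the generated rule.
valid_name() {
    case $1 in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
}

# Print a sudoers rule letting user $1 run exactly the two restart commands
# for service $2 as root. The arguments are spelled out in full, so sudo
# refuses any other verb or unit.
sudoers_rule() {
    valid_name "$1" && valid_name "$2" || return 1
    printf '%s ALL=(root) /sbin/service %s restart, /bin/systemctl restart %s.service\n' \
        "$1" "$2" "$2"
}

# Install the rule as a drop-in and map the user to staff_u. Needs root.
apply_rule() {
    tmp=$(mktemp) || return 1
    sudoers_rule "$1" "$2" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Syntax-check first: a broken file in sudoers.d can lock everyone out of sudo.
    visudo -cf "$tmp" || { rm -f "$tmp"; return 1; }
    # Drop-in names must not contain '.', which valid_name already rules out.
    install -o root -g root -m 0440 "$tmp" "/etc/sudoers.d/restart-$2-$1"
    rm -f "$tmp"
    # Use -m instead of -a if the user already has a login mapping.
    semanage login -a -s staff_u "$1"
}

# Usage: script USER SERVICE   (does nothing when run without arguments)
if [ "$#" -eq 2 ]; then
    apply_rule "$1" "$2"
fi
```

Check the result with `sudo -l -U alice` and `semanage login -l`.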